I don't need inbound ftp, ssh and https at home since I'm not running a web server at home. Seemed like you asked a pretty simple question to me.
andy, assuming seems to be a big thing around here. Why would I need http? What if I just use an https site? mike, I didn't ask what you run at work, I believe my question was what a good business firewall would be, you know checkpoint, isa, cisco pix, etc. But with 1337 haxor skillz, I see your location is MD, you're a DCU fan, so maybe you work in the district. So maybe you work for a govt agency, so maybe you run a common gubmnet firewall system. LOL
Is this a joke of some kind? How can you run https without having http running? Actually, your question was: "What's your firewall?" with no specifics about where you ran it. Actually, I do work for the government, but not in DC. I'm in Bethesda, MD, specifically at the National Institute on Aging, one of the National Institutes of Health. Feel free to try to get to my desktop PC here at work. Hell, try to get past my Linksys router at home. With the skillz you've shown so far, I'm not worried.
Hang on. Maybe I'm being a bit thick here, (wouldn't be the first time, everyone shouts in unison), but do you mean you ACCESS an https site, i.e. https://eopen.microsoft.com/en/default.asp ? Is that what you mean? You use your computer to access that site using Internet Explorer, Netscape or whatever? If so you don't need to allow connections INWARDS on port 443 at all. Sorry mate - maybe I'm being dense but I'm getting confused as to what you're doing. It may not seem like it but I am genuinely trying to be helpful. If you go to something like www.grc.com and run their 'Shields up' test does it report any ports open? If you're using a PC to simply access the internet, send/receive email, download/upload files, etc., and not running a website, (secure OR insecure), ftp repository or need to access your PC from the internet using ssh, it shouldn't.
Who said anything about running? I'm talkin' about blocking, it's a firewall after all, not a website. Are you confused here on the topic of the thread? LOL well yes that is the title of the thread, but you were referring to my later question in a later post. You are confused, aren't you? for t well hey, I got that you work for gubment cheese. And what do you know about my skillz? This thread? Now that's a good way to evaluate someone, from an internet post. Oh I guess you were just trying to insult me. Weak sauce buddy.
OK both of u are culeros. A local website is running https, http, whatever; it is behind a firewall. Say I want to access this website from a remote location. I would need 443 and 80 allowed inbound. I only use 443 so 80 is not needed. Yes you are a bit dense, or sorry, I may have made my post not very n00b understandable.
Y'know, people would find you easier to get on with if you didn't try and go out of your way to insult them. I AM trying to be helpful, if not to you, then to other people who may not have your knowledge of the subject. Please try and recognise that. Frankly I'm still having trouble understanding what you're talking about but anyway... If you are using a PC to access websites whether they are secure, (https on port 443), or insecure, (http on port 80), you DO NOT need to allow inbound connections on those ports. I could point you at various websites but it's probably easier to just explain it. When a TCP connection is initiated, (i.e. connecting to a website), the sending computer initiates a connection using a random source port above 1024 to a destination port defined by the application. In the case of web browsing that would be http which is port number 80. For example, machine A would randomly choose a source port to send the request out on (example 20000) and connect to port 80 on B. B then responds to the source port, (20000), of A so the packet being returned would then have a source port 80 (from B) and a destination port of 20000 (going to A's IP). The point is that YOUR PC, machine A in the example above, DOES NOT NEED to allow connections into ITS port 80. The same holds true for ALL TCP/IP communications. So, the general rule is DO NOT allow incoming connections on ANY ports unless you find that something doesn't work and even then, make sure it's not something to do with something else.
No no no, the website is behind a firewall, I have to go through the firewall to access it. For example say I want to access microsoft.com from home. MS has a firewall (not me) only allowing 80 and 443, but say they only want to allow 443, like me, into their website, then they would only allow 443 if they chose. I understand how the handshake works.
This is just too funny. If you understand so much, WTF was your point in starting this thread? $µr3, wh473v3r ¥0µ $4¥ 3£173 h4(|{3r Ð00Ð. 1Ð107
If you are a home user with a cable modem, or a high-speed connection that gives you a public IP, you need a border firewall: either a store-bought hardware device or a Linux firewall running on your old PC. Then you want a software firewall and anti-spyware and all the stuff you all already know about. That's it really. I mean have at it if you want and secure it more but the effort to benefit ratio goes down the drain. If your cable or DSL modem or router does NAT translation and you have a private address, you only have to worry about the software firewall and stuff. You're not worried about the quality hackers, they're not interested in you. You just need to keep out the script kiddies. If you have wireless you need to 'secure' it. WEP keys have to be broadcast for it to work so it's still insecure, but it'll keep out most casual curiosity browsers. Any war driver worth their Pringles can will still be able to get in, though . . . .
Other important things are:
1. Keep your software, (MS/Linux/whatever), patched ALL the time. Frankly, if you don't do this I wouldn't bother with the rest. You're wasting your time.
2. Anti-virus, obviously, and again, keep the virus patterns up to date.
3. Set your default email and browser options to a safe default, preferably excluding ANY programming facilities like MS scripting, (shudder!), and ActiveX. The next time I'm contacted by someone who's got a virus/worm/whatever through one of these I'm gonna take out a contract on Bill Gates... or 'the mofo' as I call him.
4. Use a digital security certificate for all email communications if possible. If your anti-spam prog goes tits up at some point or is set to too low a threshold then you will probably still recognise an attachment, link or whatever that you shouldn't open.
5. Keep back-ups and 'TEST THEM'. The number of people I've had come to me with backups that haven't run a simple test is amazing. All you need to do is write a Word document into a directory you back up and then delete it. If you can't get even that back again you've got problems. Obviously, you should do a full compare as well from time to time but the Word doc test thingie takes, what? 2 minutes?... and yet people STILL don't bother. It's bloody amazing... and I'm talking about some BIG companies and organisations as well. You'd be surprised. Also, at least one backup should be stored off premises all the time on a rotating basis.
6. Passwords should be a minimum of 8 characters with a mixture of upper and lower case. If you're running a network NEVER let a user choose a password. If they can't remember it? There's the quill and parchment... now fvck off. Do I sound like a hard liner? Knowledge learnt the hard way I'm afraid.
I'm gonna have to draw it out for you, I see. In my example with Microsoft, MY firewall would have 443 blocked inbound, because that's not the direction I'm using it.
My example:
MS Website <-- MS firewall (443 open inbound) -- Internet -- MY FW (443 open outbound) -- My workstation
In my real life config:
Remote workstation --> Internet --> My home FW (443 open inbound) -- My webserver
Get it now?
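The stateful-filtering point from the handshake explanation earlier in the thread and the two diagrams just above, as an added example that is not part of the original thread: a toy Python connection tracker. All hosts, addresses and ports (10.0.0.5 workstation, 203.0.113.7 remote https site, 10.0.0.8 home web server, 198.51.100.9 remote client) are constructed assumptions.

```python
# Added example, not from the thread: a toy stateful packet filter that models
# the two cases discussed. Hosts, ports and addresses are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool       # True for the segment that opens a connection
    inbound: bool   # True when the packet arrives from the Internet side


class StatefulFirewall:
    """Allow anything outbound, replies to tracked connections, and
    unsolicited inbound SYNs only to explicitly published (host, port) pairs."""

    def __init__(self, published=()):
        self.published = set(published)
        self.conns = set()  # (src, sport, dst, dport) of tracked connections

    def filter(self, p):
        if not p.inbound:
            if p.syn:  # remember the outbound connection so its replies get in
                self.conns.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW"
        if (p.dst, p.dport, p.src, p.sport) in self.conns:
            return "ALLOW"  # reply to a connection opened from inside
        if p.syn and (p.dst, p.dport) in self.published:
            self.conns.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW"  # the one service deliberately exposed
        return "DROP"       # everything else unsolicited from outside


def browsing_case():
    """Workstation 10.0.0.5 browses an https site; no inbound port is open."""
    fw = StatefulFirewall()  # nothing published, like the home PC case
    out_syn = Packet("10.0.0.5", 20000, "203.0.113.7", 443, True, False)
    reply = Packet("203.0.113.7", 443, "10.0.0.5", 20000, False, True)
    unsolicited = Packet("203.0.113.7", 40000, "10.0.0.5", 443, True, True)
    return [fw.filter(out_syn), fw.filter(reply), fw.filter(unsolicited)]


def webserver_case():
    """Home firewall publishing only 443 to the internal web server 10.0.0.8."""
    fw = StatefulFirewall(published=[("10.0.0.8", 443)])
    https = Packet("198.51.100.9", 31337, "10.0.0.8", 443, True, True)
    http = Packet("198.51.100.9", 31338, "10.0.0.8", 80, True, True)
    return [fw.filter(https), fw.filter(http)]
```

The browsing case admits the reply to the workstation's own connection while dropping an unsolicited SYN to its port 443; the web server case admits 443 only and drops 80, matching the "I only use 443 so 80 is not needed" configuration.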
I'm sorry? You don't use your PC hardly any more? I don't understand what you mean. Let's try another route then. If you go to www.grc.com and run the Shields Up test, does it show port 443 as being open, closed or what it refers to as stealthed? Actually, it means that packets sent are silently dropped instead of replying with a non-response.
mfer dude, you're freakin' frustrating. I hardly use my web site on 443 anymore. Geeez, it shows it as open. Hold on, lemme run it and see.....
In the meantime, for the benefit of everyone else, you DO NOT need ANY ports open for emailing, browsing, ftp downloading, secure shell or anything else. That means 99% of computer users regardless of what operating system they're running apart, that is, for those people who use P2P software. Frankly, if you're interested in security in any way at all you shouldn't run programmes on them that you, or someone you trust implicitly, can't check out the source code for and that allow people to connect into your machine.